WordPress 2.8.5: Hardening Release

WordPress 2.8.5

Was checking some stuff on my WP Dashboard a few minutes ago when I noticed that there was notification advising me to upgrade to WordPress 2.8.5. Here’s an excerpt from the WordPress blog regarding this recent release:

As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought we worth back-porting to the 2.8 branch so as to get these improvements out there and making all your sites as secure as possible.

WordPress 2.8.5 headline changes:

  • A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins.

Recently, there’s been a lot of attacks and exploits on WordPress blogs. Lately, I’ve been receiving a lot of notifications from the WordPress Firewall plugin regarding attacks on my blog. If you think that your blog has been compromised you can use the WordPress Exploit Scanner plugin to check your blog for any traces of exploits.

I’ve just upgraded my WordPress install to version 2.8.5 and I strongly suggest that you do too. It will only take a few minutes of your time and it won’t only make your blog more secure but it will also give you some peace of mind.

If you haven’t upgraded to WordPress 2.8.5, you are advised to do so immediately to avoid the risks of a DDOS attack and prevent future problems and headaches on your blog or website.

Download WordPress 2.8.5 now!

This post may contain affiliate links that allow us to earn commissions at no additional cost to you. We are reader-supported so when you buy through the affiliate links, you are also helping or supporting us. 

6 Comments

  1. @VC – This is just a hardening release that fixed a few bugs to keep your blog more secure and make it more ready for the next stable release – version 2.9.

    WordPress encourages but doesn’t force users to upgrade. If you don’t want to upgrade, its totally up to you. These upgrades are made to help us keep our blogs more stable and secure.

  2. I don’t understand why they released the new version so quickly after the last update 2 months ago.
    I don’t see any changing in this new version. It’s not really necessary to upgrade.

  3. @Jhay – Really? Its been a while since that happened to me after I upgraded my WordPress install. But anyways, that upgrade.php page is just a confirmation, kinda like a formality. Hehe

  4. I think this is the first WP upgrade I applied that worked “out-of-the-box” because after I uploaded the files via FTP, it didn’t redirected me to the /wp-admin/upgrade.php page. :D

  5. @jan – Good job! Now you can sleep better knowing that your blog has the latest version of WordPress. Yes, the WP Firewall plugin is a totally different plugin from the WordPress Exploit Scanner plugin.

Leave a Reply to jan geronimo Cancel reply

Your email address will not be published. Required fields are marked *

JaypeeOnline